Docker SWAG

Deploy and configure open-appsec ML-based WAF integrated with Docker SWAG to preemptively protect your web apps and APIs against zero-day attacks and OWASP Top 10 attacks.

open-appsec Docker SWAG integration is currently in "beta".

Learn how to deploy “Secure Web Application Gateway” (SWAG) integrated with open-appsec WAF on Docker using docker-compose.

This easy-to-deploy integration enhances and secures your Docker SWAG deployment with automatic and preemptive threat prevention using machine learning to protect the web services exposed by Docker SWAG providing protection against zero-day and OWASP-TOP-10 attacks.

About Docker SWAG

LinuxServer.io’s SWAG docker image (Secure Web Application Gateway) provides users an easy way to deploy an NGINX web server and reverse proxy with PHP support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (“Let's Encrypt” and “ZeroSSL”). Further it contains “fail2ban”, which can block IP addresses with too many failed authentication attempts.

Website and Docs: docs.linuxserver.io/general/swag/ Github: linuxserver/docker-swag

Integration of Docker SWAG with open-appsec

The SWAG container deployed as part of the docker-compose is using the “swag-attachment” image, provided by the open-appsec team, which is based on the regular SWAG image but also adds the open-appsec attachment to it as an NGINX module. This attachment enables the connection between the SWAG's NGINX reverse proxy and the open-appsec agent and provides the HTTP data for inspection to the agent. You can read more about open-appsec’s technology here: https://www.openappsec.io/tech

The resulting architecture with the open-appsec Agent container and the SWAG container then looks like this:

Management options for open-appsec WAF integrated with SWAG

There are two main ways to manage and monitor open-appsec WAF when integrated with SWAG on Docker.

Locally manage open-appsec using a declarative configuration file and monitor logs locally using CLI or e.g. a syslog compatible server. (note that even when managing open-appsec locally you can still connect the deployment to the central WebUI for monitoring, security log analysis as well as viewing the local configuration in read-only mode, more info on this later)
Centrally manage open-appsec configuration and monitor security logs and agent status using the free, easy-to-use WebUI (SaaS) available at https://my.openappsec.io Connecting your deployment to the open-appsec central WebUI provides many benefits. Using the WebUI (SaaS) is optional and included in all editions, including open-appsec free community edition.

- Central WebUI for viewing/managing all open-appsec configuration and functionality
- Store and view your open-appsec security logs
- Monitor your open-appsec deployments
- Monitor learning status of each of your protected assets
- See learning progress and status
- Receive and manage tuning suggestions
- Get cloud-based shared learning between multiple agents (e.g. in HA scenario)

You find the deployment guides for both of these options here:

Install Docker SWAG with open-appsec (locally managed)Install Docker SWAG with open-appsec (centrally managed)

You can also start with locally managed open-appsec and connect to central WebUI later on.

PreviousFrequently Asked Questions NextInstall Docker SWAG with open-appsec (locally managed)

Last updated 3 months ago